EngineerBetter / concourse-up

Deprecated - use Control Tower instead
https://github.com/EngineerBetter/control-tower
Apache License 2.0
203 stars 28 forks

Forbidden error messages #70

Closed zer-o-rez closed 5 years ago

zer-o-rez commented 5 years ago

I've used concourse-up to deploy in the past. My aws access keys have not changed. Now when I attempt to get info on my deployment I get:

Forbidden: Forbidden
    status code: 403, request id: 28FB2C0419D182D4, host id: mU6KWkZXpx7Rho6bPlhYbrSJ/sZ22viT6pj8L/GvZidGTw6m7WUQryuM9iMSgFsky5WVJDlno1Q=

I also tried concourse-up deploy test and got this error:

env var AWS_ACCESS_KEY_ID not found

Which was odd because my `~/.aws/credentials` file has my keys in it and my bash_profile exports the keys as environment variables.

I was on an older version of concourse-up so I upgraded to Concourse-Up version 0.13.9 and pulled the latest changes from master.

I tested my credentials and they worked. I created new credentials for my IAM user and those still won't work with concourse-up. I tested a few aws cli commands and those commands work. So, I don't know what's happening now.

crsimmons commented 5 years ago

Hi @alohaahola

I just tested this on my machine and it seems to work as expected.

$ env | grep -i aws
AWS_ACCESS_KEY_ID=<snip>
AWS_SECRET_ACCESS_KEY=<snip>
$ cup --version
Concourse-Up version 0.13.9
$ cup deploy aws-creds-test

WARNING: allowing access from local machine (address: <snip>)

aws_eip.atc: Creating...
  allocation_id:     "" => "<computed>"
  association_id:    "" => "<computed>"
  domain:            "" => "<computed>"
  instance:          "" => "<computed>"
  network_interface: "" => "<computed>"
  private_ip:        "" => "<computed>"
  public_ip:         "" => "<computed>"
  vpc:               "" => "true"
...

Can you double check your env to make sure your bash_profile has exported your credentials properly?

It's worth noting that concourse-up deployment names have to be globally unique by region, so it's quite likely that a deployment called test already exists in eu-west-1, so running concourse-up deploy test verbatim would get an error since you don't control that bucket.

zer-o-rez commented 5 years ago

Thanks for the quick reply @crsimmons. I've pasted my info below. Is there any other debug info I can gather?

$ env | grep -i aws; concourse-up --version; grep -i aws ~/.bash_profile; aws ec2 describe-instances > /dev/null && printf "success\n"; concourse-up deploy aws-creds-test

AWS_SECRET_ACCESS_KEY=<yes>
AWS_ACCESS_KEY_ID=<yes>

Concourse-Up version 0.13.9

export AWS_ACCESS_KEY_ID=<yes>
export AWS_SECRET_ACCESS_KEY=<yes>

success

Forbidden: Forbidden
    status code: 403, request id: C888451116DC056B, host id: yciS8sn3/L7TenJp0/xcKNLt/J6D/hKAMVFAiNYHVFNas2cIqeDyd3yp01rPfaUHPwQyb6TO938=

zer-o-rez commented 5 years ago

I resolved this with the info from @crsimmons. I thought my deployment name was unique. It was not. 😄